# Contributor: Jake Buchholz Göktürk <tomalok@gmail.com>
# Maintainer: Jake Buchholz Göktürk <tomalok@gmail.com>

pkgname=containerd

# NOTE: containerd's Makefile tries to get REVISION from git, but we're building from a tarball.
_commit=83031836b2cf55637d7abf847b17134c51b38e53
pkgver=1.7.16
pkgrel=0
pkgdesc="An open and reliable container runtime"
url="https://containerd.io/"
arch="all"
license="Apache-2.0"
depends="runc"
makedepends="btrfs-progs-dev go go-md2man libseccomp-dev log_proxy"
subpackages="
	$pkgname-ctr
	$pkgname-doc
	$pkgname-stress
	$pkgname-openrc
"
source="containerd-$pkgver.tar.gz::https://github.com/containerd/containerd/archive/v$pkgver.tar.gz
	update-vendor-ebpf-to-v0.11.0.patch
	containerd.confd
	containerd.initd
"
options="net"

# secfixes:
#   1.6.18-r0:
#     - CVE-2023-25153
#     - CVE-2023-25173
#   1.6.12-r0:
#     - CVE-2022-23471
#   1.6.6-r0:
#     - CVE-2022-31030
#   1.6.2-r0:
#     - CVE-2022-24769
#   1.6.1-r0:
#     - CVE-2022-23648
#   1.5.9-r0:
#     - CVE-2021-43816
#   1.5.8-r0:
#     - CVE-2021-41190
#   1.5.7-r0:
#     - CVE-2021-41103
#   1.5.4-r0:
#     - CVE-2021-32760
#   1.4.4-r0:
#     - CVE-2021-21334
#   1.4.3-r0:
#     - CVE-2020-15257
#   1.3.3-r0:
#     - CVE-2019-19921
#     - CVE-2020-0601
#     - CVE-2020-7919
#     - CVE-2019-11253
#   1.3.1-r0:
#     - CVE-2019-17596
#   1.3.0-r0:
#     - CVE-2019-16884
#   1.2.9-r0:
#     - CVE-2019-9512
#     - CVE-2019-9514
#     - CVE-2019-9515
#   1.2.6-r0:
#     - CVE-2019-9946

export GOFLAGS="$GOFLAGS -modcacherw -mod=readonly"
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
export GOTMPDIR="${GOTMPDIR:-"$srcdir"}"
export GOMODCACHE="${GOMODCACHE:-"$srcdir/go"}"

build() {
	export GO111MODULE=on
	go mod tidy

	make SHIM_CGO_ENABLED=1 VERSION="v$pkgver" REVISION="$_commit" BUILDMODE=pie
	make man
}

check() {
	./bin/containerd --version
}

package() {
	install -d "$pkgdir"/usr/bin/
	install -Dsm755 ./bin/* "$pkgdir"/usr/bin/
	# useless binary only to make manpages
	rm "$pkgdir"/usr/bin/gen-manpages

	install -Dm755 "$srcdir"/$pkgname.initd \
		"$pkgdir"/etc/init.d/$pkgname
	install -Dm644 "$srcdir"/$pkgname.confd \
		"$pkgdir"/etc/conf.d/$pkgname

	install -d "$pkgdir"/usr/share/man/man5/
	install -Dm644 "$builddir"/man/*.5 "$pkgdir"/usr/share/man/man5/
	install -d "$pkgdir"/usr/share/man/man8/
	install -Dm644 "$builddir"/man/*.8 "$pkgdir"/usr/share/man/man8/
	install -d "$pkgdir"/etc/containerd/
	"$pkgdir"/usr/bin/containerd config default | sed "s|/opt/cni/bin|/usr/libexec/cni|g" > "$pkgdir"/etc/containerd/config.toml
}

openrc() {
	default_openrc
	depends="log_proxy"
	install_if="openrc $pkgname=$pkgver-r$pkgrel"
}

ctr() {
	pkgdesc="unsupported debug/admin client for containerd"
	amove usr/bin/ctr
}

stress() {
	pkgdesc="containerd-stress utility"
	amove usr/bin/containerd-stress
}

sha512sums="
2d6aa4b11d75c1e94de90737cfb16cd34b5c802f5de6f10786856f5c57b69f70ebf6402ac935293cb977da76b142bca4bf5630658c2ee375947db72f14847a35  containerd-1.7.16.tar.gz
d06e051538b5b550fdd739bf91463c6cd0af0225ec351e080ec21d4ff1372b9e8364cab3c974207180f8eef7d85a069a4dad88bf63eed268ffe8becd1dd973b7  update-vendor-ebpf-to-v0.11.0.patch
5fb37b88554422738cc75b944b75836c123d87d418a16c6a25b9d49da023bd0e654d1aa694e60026de42c055ccf7469f5b4778a4876e94720ec2f40d618db580  containerd.confd
8315a8d58b4ba7e19ebed2cd82c7b5eaab45da630f9818a9e6cc8f3c8e88f159432474299798f79e6e465e843c91c0f50df04030083c8913c385ea1d73e81e6a  containerd.initd
"
